In 2014 the National Institute of Standards and Technology (NIST) introduced a Cybersecurity Framework in response to an executive order calling for "a set of industry standards and best practices to help organizations manage cybersecurity risks". Since then, this Framework has evolved to become one of the most cited guidelines
used by enterprise auditors to standardize cybersecurity expectations. With this evolution, security awareness and security awareness training programs are no longer considered "recommendations" but rather unofficial requirements for businesses of every size.